Bug 853164

Summary: setuid program should have full RELRO
Product: [Fedora] Fedora
Reporter: Steve Grubb <sgrubb>
Component: util-linux
Assignee: Karel Zak <kzak>
Status: CLOSED RAWHIDE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: high
Version: 18
CC: jonathan, kzak, mluscon
Doc Type: Bug Fix
Last Closed: 2012-09-11 18:52:51 UTC
Type: Bug
Bug Blocks: 853068    

Description Steve Grubb 2012-08-30 16:03:03 UTC
Description of problem:
Setuid/gid programs should have full RELRO support enabled for extra protection. Also, network-facing programs should have PIE flags enabled for new ASLR each run.


FILE                                                TYPE        RELRO    PIE 
/usr/bin/chfn                                       setuid      partial  yes 
/usr/bin/chsh                                       setuid      partial  yes
/usr/bin/logger                                     network-ip  partial  no  
/usr/bin/mount                                      setuid      partial  yes 
/usr/bin/umount                                     setuid      partial  yes 
/usr/bin/write                                      setgid      partial  yes

You can use this program for testing:
http://people.redhat.com/sgrubb/files/rpm-chksec

Comment 1 Fedora Update System 2012-09-06 12:08:26 UTC
util-linux-2.22-1.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/util-linux-2.22-1.fc18

Comment 2 Karel Zak 2012-09-06 12:24:17 UTC
(In reply to comment #0)
> FILE                                                TYPE        RELRO    PIE 
> /usr/bin/logger                                     network-ip  partial  no

I don't see a reason to think of logger(1) as a security-sensitive program. It just writes to syslog (and yes, you can connect() to a remote server). IMHO it is overkill to PIE all programs like logger(1).

The spec file has been fixed and BIND_NOW and GNU_RELRO are used for all suid programs (!= logger) in util-linux now. Thanks for the report.

Comment 3 Karel Zak 2012-09-06 13:37:22 UTC
And note that logger(1) only write()s to the network socket. It does not parse any input from the network.

Comment 4 Steve Grubb 2012-09-06 13:42:07 UTC
It may be true that it only writes, but before that it has to do a DNS lookup and parse the results. You have to consider the DNS server to be malicious. While this is done by an underlying library, there is exposure. If you don't want to harden logger, we can skip it for now.

Comment 5 Fedora Update System 2012-09-17 22:00:48 UTC
util-linux-2.22-1.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.